

D-Sync tutorial

How to set up the D-Sync DNSKEY coordination application in your vantaged daemon (in general), and how to configure it to monitor a zone.
Note: The following all assume that you already have Vantages installed on your machine.


Setting up vantaged.conf:

First off, make sure vantaged (the Vantages daemon) is not running. If you are using Linux, the easiest way to do this is to run the vantaged.sh.linux script that came with the software; the syntax is
          vantaged.sh.linux stop

Now let's edit the vantaged.conf file.
Uncomment the option 'dsync_app_enabled = yes' if it is commented out. (If dsync_app_enabled is set to 'no', change it to 'yes'.)
This enables the DNSKEY coordination application of vantaged.

We need to tell vantaged how often to check a given zone for a change in the key set. To do this, uncomment the line that says 'dsync_query_sleep' and set it to an appropriate value.

The last option to configure is 'dsync_weighted_check'. This value controls how often the D-Sync vantaged application will attempt to relearn the NS set before proceeding with its normal queries. Acceptable values are between 0 and 1. A value of 0 means D-Sync will only relearn the nameserver set after it has detected a key change. A value of 1 means D-Sync will relearn the nameserver set before every block of queries. A value of 0.5 means D-Sync would relearn the NS set on average every 2 blocks of queries (half the time).


Dashboard Website Interface

Now let's start using the web front end of vantaged.
Open a web browser and point it to the system that is running vantaged. For this example I'll be using localhost (127.0.0.1), so I'll point my browser to
      127.0.0.1:9080/dsync
In general, you'll need to enter something like the following into your browser:
     [yourbox]:9080/dsync




Add Zone: To add a zone for monitoring, use this link on the web page. There is only one field to complete, in which you must paste a valid DNSKEY (one that signs the key set for the zone you'd like to monitor) in the BIND key file format.

The BIND format is as follows (the same as the dig display format, minus extra whitespace, and excluding the TTL):

  • Fully qualified zone name (ascii)
  • Class (ascii)
  • Type (ascii)
  • Flags (numeric)
  • Algorithm (numeric)
  • Protocol (numeric)
  • Key (base 64 representation)
Click the "Add zone" button, and you should see a screen confirming that the key was added. D-Sync will now monitor this zone's synchronization status.
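As an added example (not part of this tutorial or of the Vantages code), the following Python checks a pasted record before it goes into the Add Zone field, skips a dig-style TTL, rejoins a key that dig has split into chunks, and computes the RFC 4034 key tag so the key can be matched against the parent's DS records shown on the status page. Note that in the RFC 4034 presentation format the protocol octet (always 3) precedes the algorithm octet; the zone name and key below are constructed, not a real key.

```python
import base64
from dataclasses import dataclass


@dataclass
class DnskeyRecord:
    name: str
    flags: int
    protocol: int
    algorithm: int
    key: bytes


def parse_dnskey(text: str) -> DnskeyRecord:
    """Parse one DNSKEY in BIND/dig presentation format; a TTL, if present, is skipped."""
    # Drop any trailing "; ..." comment and dig +multiline parentheses, then tokenize.
    tokens = text.split(";")[0].replace("(", " ").replace(")", " ").split()
    if len(tokens) < 7:
        raise ValueError("expected: name [ttl] class type flags protocol algorithm key")
    name = tokens[0]
    if not name.endswith("."):
        raise ValueError("zone name must be fully qualified (trailing dot)")
    rest = tokens[1:]
    if rest[0].isdigit():  # dig output carries a TTL; BIND key files do not
        rest = rest[1:]
    cls, rtype, flags, protocol, algorithm, *key_parts = rest
    if cls.upper() != "IN" or rtype.upper() != "DNSKEY":
        raise ValueError(f"not an IN DNSKEY record: {cls} {rtype}")
    flags, protocol, algorithm = int(flags), int(protocol), int(algorithm)
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3 (RFC 4034)")
    if not flags & 0x100:
        raise ValueError("Zone Key flag (256) not set; this is not a zone key")
    if not key_parts:
        raise ValueError("missing base64 key material")
    key = base64.b64decode("".join(key_parts), validate=True)  # rejoin dig's chunks
    return DnskeyRecord(name.lower(), flags, protocol, algorithm, key)


def key_tag(rec: DnskeyRecord) -> int:
    """RFC 4034 Appendix B key tag, the number printed in a DS record (not for algorithm 1)."""
    rdata = rec.flags.to_bytes(2, "big") + bytes([rec.protocol, rec.algorithm]) + rec.key
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def is_ksk(rec: DnskeyRecord) -> bool:
    return rec.flags & 1 == 1  # SEP bit: the key a parent's DS normally points at


# Constructed sample: KSK-style flags (257) with a fake 36-byte public key.
SAMPLE_RDATA = bytes([3, 1, 0, 1]) + bytes(range(1, 33))
SAMPLE_RECORD = "example.test. IN DNSKEY 257 3 8 " + base64.b64encode(SAMPLE_RDATA).decode()
```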

An example input screen and key follows:


Interpreting the Status Page

The web dashboard is able to provide current status for any zone D-Sync is monitoring. From the main page, click "Zone Info", then type in the fully qualified zone name of the zone you are interested in seeing.

The resulting page should look like the one to the right. The status information you get includes the following:

  • Status: This is the synchronization status of the zone, and can be one of the following:
    • In-Sync: The zones are correctly synchronized and not participating in any key rollover.
    • Error State: The zone has encountered an unexpected event, and requires user intervention to restore it to synchronized status.
    • Waiting DNSKEY TTL for caches to learn the new key: A new key has been detected, but there has not yet been sufficient time for caches to learn it.
    • Key has changed, waiting on parent to update DS records: A new key has been found, and caches have had time to learn it. The parent can now update their DS record to match the new key.
    • Waiting DS TTL for caches to clear the old DS: The parent has updated their DS to match the new key, but there has not yet been sufficient time for caches to learn it.
    • Parent has updated DS. Please remove old DNSKEY: The parent has updated their DS record to match the new key, and caches have had time to learn it. You may now remove the old DNSKEY.
  • Key set: The current active DNSKEYs for the zone.
  • DS Set: The current active DS records for the zone.

An example status page follows (zone names have been edited out):

(Contact us at tools@netsec.colostate.edu)